Securing the Data Center’s physical layer: The need to fix rack level security threats and vulnerabilities
By Sanjay Motwani, Regional Director, Raritan APAC
Data center forms the core of an enterprise’s IT function. The size of a data center can vary based on organization’s need to store, manage, and process data. It nurses critical IT systems and is a vital requirement for business continuity and operational success. With ever increasing sophistication in intrusion methodologies to exploit potential security glitches, there is an eventual need to strengthen security and reliability in data centers, and if compromised can lead to costly catastrophes.In an expanding threat landscape, comprehensive security measures and implementations form the key to securing data assets and ensure agility. Massive data breach was reported towards end of 2017, where data from about 6000 Indian enterprises was put up for sale. Protecting data centers therefore is crucial and must be a CIO’s strategic priority.
Security measures for Data Center environment
Typical security measures include Firewalls and Virtual Private Networks (VPN’s). The Stateful Inspection firewall is most versatile and advanced among firewalls offering robust intrusion prevention, anti-DDoS and antivirus/anti-malware services.VPNs can offer an encrypted protocol protected tunnel to connect to enterprise network. Though such cyber security solutions is a key imperative, today’s hybrid data centers are made up of physical and virtual deployments to drive business agility and efficiency.
Therefore, there is an unequivocal need for physical layer controls to fully ensure and reassure enterprise data is safe from any potential breach. The data center’s physical infrastructure forms the backbone of any business since it provides power, cabling, cooling, racks, physical housing, and fire security services. While there is a need to protect a data center from unauthorized users, there is also a need to prevent downtime through human error, accidents, and mistakes.
The human element: The strongest and weakest link
People form an important part of a data center’s physical security challenge, they are equally the strongest link. There is a risk of insiders who can social engineer security barriers with ease by hurdling over rules and procedures or through guile and deceit. Data center personnel can prevent any intrusion attempts by observing various security protocols, which can prevent unauthorized intrusion. Along with choosing the right people, the right security system together form the best bet to balance risk and damage, thus enabling a strong physical firewall from intruders.
Physical security in a Data Center
To fortify a data center facility, the first logical step is to identify the human entry points that would require access rules and security levels to analyze the depth of security needed to protect the facility. Surveillance cameras, limited entry points, protected building’s machinery, bomb detection facility are some of the regular security measures. The physical security map of a data center can have these zones to protect sensitive access areas: Site Perimeter, Building Perimeter, Computer Area, Computer Room and Equipment Racks. The inner most security layer hosts the racks.
Why secure at the rack level? While biometric access, written entry logs and video surveillance will divulge details on access records, there are also other factors to bear in mind which makes security at the rack level significant. For instance, malicious intruders can plant keyloggers, video cameras, or other tracking devices on the hardware itself before leaving the facility. They could also bypass external network security controls by relaying from behind the firewall or switch.
From a rack security and monitoring standpoint, there is an increasing need to secure data center racks and cabinets with SmartLock electronic door access systems to provide an easy to deploy, cost effective, economically networked locking solution for data enclosures of all types. Data center operators can leverage the PX plug and play sensor technology to connect SmartLock systems and deliver crucial data to the security software. Being compatible with all proximity card systems, the SmartLocks can fit to any existing racks. Such door access systems also improves workflow management at rack level and remain secure even during unprecedented power outages by seamlessly integrating with USB cameras, and asset management strips to control workflow. SmartLocks offer a significantly critical layer of security, offering true value benefits, and giving the much-needed confidence to data center managers on their rack level security framework.
An additional level of access control and security at the rack level is offered by the digital proximity sensors that detect motion around a cabinet. They can be configured to trigger an event such as taking a webcam picture when a cabinet door is opened, thus protecting your rack cabinets from unauthorized access. Further, they offer the flexibility of linking to 3rd party devices such as smoke detectors to alert you of fires.
With the arising complexities in the data center environment, data protection is integral and needs expert attention at the right time.Investing in the physical security layer should also focus on the rack level.When combined with a building’s existing security system, rack level electronic locks create one cohesive security network.In addition, security assurance for the rack cabinets through door locking mechanisms can share alerts while preventing any unauthorised access.It does add significant levels of security and audit trails to your server equipment.
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org